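using System;
using System.IO;
using System.Text;
using System.Threading.Tasks;
using Amazon.KeyManagementService;

public async Task<string> EncryptText(string textToEncrypt, string keyID)
{
    // Nothing to encrypt: return an empty string without calling KMS.
    if (string.IsNullOrWhiteSpace(textToEncrypt))
    {
        return "";
    }
    else
    {
        var result = "";
        // No explicit credentials: the SDK resolves them from the environment
        // it runs in, so the calling identity differs between machines.
        var client = new AmazonKeyManagementServiceClient();
        var encryptRequest = new Amazon.KeyManagementService.Model.EncryptRequest();
        encryptRequest.KeyId = keyID;
        // KMS takes the plaintext as a stream of bytes.
        var textBytes = Encoding.UTF8.GetBytes(textToEncrypt);
        encryptRequest.Plaintext = new MemoryStream(textBytes, 0, textBytes.Length);
        var response = await client.EncryptAsync(encryptRequest);
        if (response != null)
        {
            // Return the ciphertext as Base64 so it can be stored as text.
            result = Convert.ToBase64String(response.CiphertextBlob.ToArray());
        }
        return result;
    }
}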
The following code works perfectly on my local system but gets an error on Elastic Beanstalk. I cannot find out why this error comes up.
What is the error you are getting? It is most likely an IAM issue. The IAM user permissions on your local box are not the same as the instance profile on the EC2 instance.
Navigate to Elastic Beanstalk > Environments > Your environment > Configuration
Under Security find the IAM instance profile that is being used.
Go to IAM and find the role. It should have a policy statement that allows encrypt actions using that key. Something like:
{
    "Action": [
        "kms:Decrypt",
        "kms:Encrypt",
        "kms:ReEncrypt*",
        "kms:GenerateDataKey*"
    ],
    "Resource": "arn:aws:kms:{my region}:{my account id}:key/{my key id}",
    "Effect": "Allow"
}

{
    "Effect": "Allow",
    "Principal": {
        "AWS": "{my iam instance profile arn}"
    },
    "Action": [
        "kms:Decrypt",
        "kms:Encrypt",
        "kms:ReEncrypt*",
        "kms:GenerateDataKey*"
    ],
    "Resource": "*"
}
We need more details about the error to properly assess the problem. But maybe this is the issue.
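One way to collect the details the answer asks for, as an added example that is not part of the original question or answer: run the same probe locally and on the Elastic Beanstalk instance to see which principal the SDK resolves and the exact error KMS returns. The class and method names (`KmsDiagnostics`, `ProbeEncryptAsync`) are hypothetical, and the code assumes the AWSSDK.KeyManagementService and AWSSDK.SecurityToken packages are referenced.

```csharp
using System.IO;
using System.Text;
using System.Threading.Tasks;
using Amazon.KeyManagementService;
using Amazon.KeyManagementService.Model;
using Amazon.Runtime;
using Amazon.SecurityToken;
using Amazon.SecurityToken.Model;

// Hypothetical diagnostic helper (added example, not the poster's code).
public static class KmsDiagnostics
{
    // Returns one line describing the resolved caller and the outcome of a test Encrypt call.
    public static async Task<string> ProbeEncryptAsync(string keyId)
    {
        var callerArn = "unresolved";
        try
        {
            using (var sts = new AmazonSecurityTokenServiceClient())
            {
                // Locally this is usually an IAM user; on Elastic Beanstalk it should be
                // an assumed-role ARN for the role behind the instance profile.
                var identity = await sts.GetCallerIdentityAsync(new GetCallerIdentityRequest());
                callerArn = identity.Arn;
            }
            using (var kms = new AmazonKeyManagementServiceClient())
            using (var plaintext = new MemoryStream(Encoding.UTF8.GetBytes("probe")))
            {
                // Same call as EncryptText; the ciphertext is discarded.
                await kms.EncryptAsync(new EncryptRequest { KeyId = keyId, Plaintext = plaintext });
            }
            return $"OK caller={callerArn} key={keyId}";
        }
        catch (AmazonServiceException ex)
        {
            // The service rejected the call. An ErrorCode of AccessDeniedException points at
            // the role policy or the key policy for the caller printed here.
            return $"FAILED caller={callerArn} code={ex.ErrorCode} http={(int)ex.StatusCode} requestId={ex.RequestId} message={ex.Message}";
        }
        catch (AmazonClientException ex)
        {
            // The SDK failed before reaching the service, e.g. no credentials could be resolved.
            return $"FAILED caller={callerArn} sdk-error={ex.Message}";
        }
    }
}
```

Write the returned line to the application log in both environments; the `caller` value is the principal to look for in the role policy and the key policy.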